Solve account issues trying to federate with Azure AD

Q. I'm receiving an error converting an Azure AD instance to federated, related to the account being in the domain. What can I do?

A. I had an Azure AD instance that I wanted to switch over to federated authentication instead of standard; however, when trying to perform the conversion, I received the error below:

PS C:\Users\john.SAVILLTECH> Convert-MsolDomainToFederated –DomainName ''
Convert-MsolDomainToFederated : You cannot convert the specified domain to use identity federation because the account you are currently signed in with 
is a member of the domain Please sign in to the service using an account that is a member of the company administrators role and is not 
part of the domain, and then try again.
At line:1 char:1
+ Convert-MsolDomainToFederated –DomainName ''
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Convert-MsolDomainToFederated], FederationException
+ FullyQualifiedErrorId : CannotConvertDomainToFederatedAsADomainUser,Microsoft.Online.Identity.Federation.Powershell.ConvertDomainToFederated

The problem was that I was using an account that had the global admin role but was actually part of the Azure AD custom domain name, i.e. The solution is to use an account that is part of the tenant but has the extension, e.g. This account must also be a global admin, and then the conversion will work.
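A pre-flight check for the condition behind this error, as an added example that is not part of the original answer: it refuses to proceed when the admin account's UPN suffix matches the domain being converted, confirms the account holds the company administrator role, and only then runs the conversion. The domain name `contoso.example`, the variable names, and the helper `Test-AdminOutsideDomain` are assumptions made for illustration; the cmdlets come from the same MSOnline module as `Convert-MsolDomainToFederated`.

```powershell
# Added example (not from the original article). Requires the MSOnline module.
# 'contoso.example' is a constructed placeholder for the domain to convert.
$DomainToConvert = 'contoso.example'

# Hypothetical helper: true when the UPN suffix is NOT the domain being converted.
function Test-AdminOutsideDomain {
    param(
        [Parameter(Mandatory)][string]$Upn,
        [Parameter(Mandatory)][string]$Domain
    )
    $suffix = ($Upn -split '@')[-1]
    return ($suffix -ne $Domain)   # -ne is case-insensitive for strings
}

$cred = Get-Credential -Message 'Global admin that is not in the domain being converted'

# Fail early instead of hitting CannotConvertDomainToFederatedAsADomainUser.
if (-not (Test-AdminOutsideDomain -Upn $cred.UserName -Domain $DomainToConvert)) {
    throw "Account $($cred.UserName) is a member of $DomainToConvert; sign in with an account outside that domain."
}

Connect-MsolService -Credential $cred

# The error text asks for a member of the company administrators role.
$role    = Get-MsolRole -RoleName 'Company Administrator'
$isAdmin = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
           Where-Object { $_.EmailAddress -eq $cred.UserName }
if (-not $isAdmin) {
    throw "Account $($cred.UserName) is not in the Company Administrator role."
}

# Skip the conversion if the domain is already federated.
$domain = Get-MsolDomain -DomainName $DomainToConvert
if ($domain.Authentication -eq 'Federated') {
    Write-Output "$DomainToConvert is already federated; nothing to do."
}
else {
    Convert-MsolDomainToFederated -DomainName $DomainToConvert
    Write-Output "Converted $DomainToConvert to federated authentication."
}
```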

Each week, John Savill answers all of your toughest tech questions about the worlds of Windows Server, Azure, and beyond. Read his past IT advice here, and email your questions to
